Xiaomi smartphones have been a budget-friendly smartphone in the market for the past few years. With the fascinating features, powerful camera, friendly UI, and powerful specs, Xiaomi’s smartphones are getting even more handy for end-users. They have been providing tempting offers, and people are always attracted to it. Amidst this popularity, Xiaomi phones have recently faced accusations of the collection of web browsing data.
What’s the story?
Apart from its qualities recently, Xiaomi web browsers were accused of collecting users’ data. This incident is of significant concern in the privacy of the MI users. According to cybersecurity researchers, Gabriel Cirlig and Andrew Tierney along with Forbes cybersecurity contributor Thomas Brewster reported that Xiaomi web browsers were having major user privacy issues. The web browsers were sending the data to remote servers. The data being sent included searched queries, device metadata, all products visited on Xiaomi’s news feed, including the website visited, including its URL. The surprising fact is that the data are being collected even via incognito mode.
This data issue was found on the pre-installed stock web browser on MIUI, including the Mint browser and MI browser pro. The stock browser is pre-installed on all Xiaomi devices. Together, the two browsers have over 15 million downloads on the play store. There wasn’t any difference between Xiaomi’s android one or MIUI devices though the code was pre-organized in the browser. The security test was done on different devices which include, Xiaomi Mi A1, Xiaomi Mi 10, Xiaomi Redmi Note 8, Xiaomi MI mix and the Xiaomi Redmi K20. Other browsers like Google chrome, safari fetch lesser user data.
What does Xiaomi say?
Xiaomi responded to the incident by writing a blog post stating that the company has been fetching data such as memory usage, system information, receptiveness, liking, user boundary feature usage, and performance. However, the data collected cannot be used to identify an individual and isn’t used in any way to breach personal information
They also stated that the user’s information (history) is synced if they have logged in into the MI account. The user’s data isn’t synced in the incognito mode, but collective usage figures data is collected to enhance user familiarity, concerning the anonymity of the Xiaomi users. Facebook has more than 500k behavioral analysis points for each one of its users, so the fact that Xiaomi logs usage stats for and through the apps.
The accusations are that user data is being sent to remote servers in countries like Russia and Singapore, including web domains hosted in Beijing. Almost all Xiaomi smartphones in Nepal are imported from India which are manufactured within India. Giving a letter to the press, Manu Jain, Xiaomi India managing director, refused the allegations, stating that the MI Browser pursue similar protocols comparing to any other web browser. Jain noted that the browser does not fetch any user’s information. Every user data in “incognito mode” is encrypted and kept secret.
Xiaomi’s quick response to the incident is praiseworthy, but the statements are not being considered satisfactory for the cybersecurity researchers and analysts. We will be updating you about the story’s further development. Also, comment down below your thoughts on this incident.